7.8

CVSS3.1

CVE-2025-24914 - Local Privilege Escalation

When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-2…

📅 Published: April 18, 2025, 6:18 p.m. 🔄 Last Modified: Feb. 26, 2026, 6:28 p.m.

6.9

CVSS4.0

CVE-2025-1697 - HP Touchpoint Analytics Service – Potential Escalation of Privilege

A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for certain HP PC products with versions prior to 4.2.2439. This vulnerability could potentially allow a local attacker to escalate privileges. HP is providing software updates to mitigate this potential v…

📅 Published: April 18, 2025, 5:43 p.m. 🔄 Last Modified: Feb. 26, 2026, 6:28 p.m.

6.5

CVSS3.1

CVE-2025-32796 - Dify Allows Unauthorized APP Enable/Disable via API

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in Dify where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes. …

📅 Published: April 18, 2025, 4:06 p.m. 🔄 Last Modified: April 30, 2025, 4:12 p.m.

6.5

CVSS3.1

CVE-2025-32795 - Dify Allows Insecure User Role Access Control for APP Editing

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in Dify where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite be…

📅 Published: April 18, 2025, 4:05 p.m. 🔄 Last Modified: June 19, 2025, 12:25 a.m.

8.7

CVSS4.0

CVE-2025-32792 - ses's global contour bindings leak into Compartment lexical scope

SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using `ses` and the Compartment API to evaluate third-party code in an isolated execution environment that hav…

📅 Published: April 18, 2025, 4:04 p.m. 🔄 Last Modified: April 21, 2025, 2:23 p.m.

7.5

CVSS3.1

CVE-2025-32442 - Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass

Fastify is a fast and low overhead web framework for Node.js. In versions 5.0.0 to 5.3.0 as well as version 4.29.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a _slightly altered_ content type such as w…

📅 Published: April 18, 2025, 3:59 p.m. 🔄 Last Modified: Aug. 22, 2025, 9:15 p.m.

8.6

CVSS4.0

CVE-2025-32389 - NamelessMC Vulnerable to SQL Injections in /user/messaging and /panel/users/reports Pages

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure `?param[0]=a&param[1]=b&…

📅 Published: April 18, 2025, 3:56 p.m. 🔄 Last Modified: May 13, 2025, 3:23 p.m.

5.3

CVSS3.1

CVE-2025-31120 - NamelessMC Vulnerable to Cookie-Based View Count Manipulation

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application relies on a client-side cookie (nl-topic-[t…

📅 Published: April 18, 2025, 3:52 p.m. 🔄 Last Modified: May 13, 2025, 3:24 p.m.

7.1

CVSS3.1

CVE-2025-31118 - NamelessMC Has Forum Reply Submission Time Limit Bypass

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction, re…

📅 Published: April 18, 2025, 3:52 p.m. 🔄 Last Modified: May 13, 2025, 3:27 p.m.

7.3

CVSS3.1

CVE-2025-30357 - NamelessMC Forum Topic Deletion Triggered by Unrelated User Deletion

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics, then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator de…

📅 Published: April 18, 2025, 3:51 p.m. 🔄 Last Modified: May 13, 2025, 3:40 p.m.